Format: 1.8
Date: Mon, 29 Oct 2018 05:08:37 +0000
Source: libgd2
Binary: libgd-tools libgd-dev libgd3
Architecture: source
Version: 2.2.5-5+ubuntu14.04.1+deb.sury.org+1
Distribution: trusty
Urgency: high
Maintainer: GD Team
Changed-By: Ondřej Surý
Description:
 libgd-dev - GD Graphics Library (development version)
 libgd-tools - GD command line tools and example code
 libgd3 - GD Graphics Library
Closes: 762325 773439 785403 791435 822242 829014 829062 829694 832390 839659 840805 840806 867003 879254 883760 887485 899928 906840 906886
Changes:
 libgd2 (2.2.5-5+ubuntu14.04.1+deb.sury.org+1) trusty; urgency=medium
 .
   * No-change backport to trusty
 .
 libgd2 (2.2.5-5) unstable; urgency=medium
 .
   * Update Vcs-* links to salsa.d.o
   * Update maintainers address to team+gd@tracker.d.o (Closes: #899928)
   * Remove Files-Excluded from d/copyright, the files just inherit the
     global license (Closes: #883760)
 .
 libgd2 (2.2.5-4.1) unstable; urgency=medium
 .
   * Non-maintainer upload.
   * Potential infinite loop in gdImageCreateFromGifCtx (CVE-2018-5711)
     (Closes: #887485)
   * bmp: check return value in gdImageBmpPtr (CVE-2018-1000222)
     (Closes: #906886)
   * Remove src/Makefile.am patching in
     tests-make-a-little-change-for-autopkgtest.patch. Fixes "libgd2 FTBFS:
     cannot find -lgd". Thanks to Helmut Grohne and Adrian Bunk
     (Closes: #906840)
 .
 libgd2 (2.2.5-4) unstable; urgency=medium
 .
   [ Jiří Paleček ]
   * Disable the test during build and run the testsuite through autopkgtest
     (Closes: #867003)
   * Make --as-needed work again
 .
   [ Ondřej Surý ]
   * Get rid of libgd2*-dev traces (Closes: #879254)
 .
 libgd2 (2.2.5-3) unstable; urgency=medium
 .
   * Disable gdimagerotate/bug00067 because it FTBFS on i386
 .
 libgd2 (2.2.5-2) unstable; urgency=medium
 .
   * Fix OOB read due to crafted GD/GD2 images
   * Disable gdimagecopyresampled/bug00201 that makes some platforms to FTBFS
 .
 libgd2 (2.2.5-1) unstable; urgency=high
 .
   * New upstream version 2.2.5
     + [CVE-2017-6362]: Double-free in gdImagePngPtr().
     + [CVE-2017-7890]: Buffer over-read into uninitialized memory.
   * Update d/watch for the github releases
   * Refresh patches for the 2.2.5 release
 .
 libgd2 (2.2.4-2) unstable; urgency=medium
 .
   * Apply correct patch on tiff_invalid_read
 .
 libgd2 (2.2.4-1) unstable; urgency=medium
 .
   * New upstream version 2.2.4
   * Rebase patches on top of libgd-2.2.4 release
   * Disable tiff/tiff_invalid_read test
 .
 libgd2 (2.2.3-87-gd0fec80-3) unstable; urgency=medium
 .
   * Disable tests/gdimagegrayscale as it breaks the 32-bit builds
 .
 libgd2 (2.2.3-87-gd0fec80-2) unstable; urgency=medium
 .
   * [CVE-2016-6911]: Fix invalid read in gdImageCreateFromTiffPtr()
     (Closes: #840806)
 .
 libgd2 (2.2.3-87-gd0fec80-1) unstable; urgency=medium
 .
   * Imported Upstream version 2.2.3-87-gd0fec80
     + [CVE-2016-8670]: Stack Buffer Overflow in GD dynamicGetbuf
     + [CVE-2016-6911]: invalid read in gdImageCreateFromTiffPtr()
     + [CVE-2016-7568]: Integer overflow in gdImageWebpCtx
     (Closes: #840805, #840806, #839659)
   * Refresh patches on top of git snapshot 2.2.3-87-gd0fec80
   * Replace -dbg with -dbgsym packages
   * Disable php_bug_72339 that has overflow constant
   * Fix error: ISO C99 requires at least one argument for the "..." in a
     variadic macro
 .
 libgd2 (2.2.3-3) unstable; urgency=medium
 .
   * Initialize error in tests/gd2/gd2_read.c
 .
 libgd2 (2.2.3-2) unstable; urgency=medium
 .
   * Remove the failing test from the test suite rather than juggling with
     architecture tests (Closes: #832390)
 .
 libgd2 (2.2.3-1) unstable; urgency=medium
 .
   * Imported Upstream version 2.2.3
 .
 libgd2 (2.2.2-43-g22cba39-2) unstable; urgency=medium
 .
   * Use DEB_HOST_ARCH instead of DEB_HOST_GNU_CPU to detect i386
     (Closes: #832390)
 .
 libgd2 (2.2.2-43-g22cba39-1) unstable; urgency=medium
 .
   * Imported Upstream version 2.2.2-43-g22cba39
   * Don't fail on failed tests to fix i386 FTBFS
   * Add default debian rules include to skip checking tests only on i386
 .
 libgd2 (2.2.2-29-g3c2b605-1) unstable; urgency=medium
 .
   * Imported Upstream version 2.2.2-29-g3c2b605
     + [CVE-2016-5766]: Fix Integer Overflow in _gd2GetHeader() resulting in
       heap overflow (Closes: #829014)
     + [CVE-2016-6128]: Fix invalid color index not handled, can lead to
       crash (Closes: #829062)
     + [CVE-2016-6161]: Add upstream patch to fix gif: avoid out-of-bound
       reads of masks array
     + [CVE-2016-6132]: Fix out-of-bounds read in the parsing of TGA files
       (Closes: #829694)
     + [CVE-2016-6214]: Fix read out-of-bands was found in TGA
     + Fix another out-of-bounds read in read_image_tga (upstream #248)
   * Remove patches merged upstream
 .
 libgd2 (2.2.1-1) unstable; urgency=medium
 .
   [ Salvatore Bonaccorso ]
   * Imported Debian patch 2.1.1-4.1
 .
   [ Ondřej Surý ]
   * Imported Upstream version 2.2.0
   * Delete obsolete patches
   * Don't install obsolete gdlib-config
   * [CVE-2015-8874]: Stack consumption vulnerability in GD allows remote
     attackers to cause a denial of service via a crafted imagefilltoborder
     call
   * Build with libwebp-dev instead of old libvpx-dev
   * Initialize full_filename in tests/gdimagefile/gdnametest.c
   * Imported Upstream version 2.2.1
   * CVE-2015-8874 is now fixed in the upstream release
 .
 libgd2 (2.1.1-4.1) unstable; urgency=high
 .
   * Non-maintainer upload (with Ondrej's approval directly uploaded)
   * CVE-2016-3074: Signedness vulnerability causing heap overflow
     (Closes: #822242)
 .
 libgd2 (2.1.1-4) unstable; urgency=medium
 .
   * Fix xmp vs xpm typo in Provides (Closes: #791435)
 .
 libgd2 (2.1.1-3) unstable; urgency=medium
 .
   * Add libgd-{no,}xmp-dev to libgd-dev Provides to fix FTBFS in packages
     still depending on old name (Closes: #791435). Thanks Mattia Rizzolo
     for catching this early.
 .
 libgd2 (2.1.1-2) unstable; urgency=medium
 .
   * Drop libgd2-{xpm,noxmp}-dev dummy packages
 .
 libgd2 (2.1.1-1) unstable; urgency=medium
 .
   [ Sebastian Ramacher ]
   * Fix build against libvpx 1.4 (Closes: #785403)
 .
   [ Mario Lang ]
   * Fix Vcs-* URL in debian/control.
 .
   [ Ondřej Surý ]
   * New upstream version 2.1.1
   * Update patches for GD 2.1.1 release
 .
 libgd2 (2.1.0-5) unstable; urgency=high
 .
   * Remove seanius from Uploaders. So Long, and Thanks for All the Fish.
     (Closes: #773439)
   * Fix buffer overflow found by Jan Bee and fixed by Remi Collet
 .
 libgd2 (2.1.0-4.1) unstable; urgency=medium
 .
   * Non-maintainer upload.
   * Make package binNMU-safe by converting empty transitional packages to
     arch=any. (Closes: #762325)
 .
 libgd2 (2.1.0-4) unstable; urgency=medium
 .
   * [CVE-2014-2497]: NULL pointer dereference